( token: string )
| 46 | * Returns verification result with userId if present in token |
| 47 | */ |
export async function verifyInternalToken(
  token: string
): Promise<{ valid: boolean; userId?: string }> {
  // Fail-closed verifier for internal service tokens: every path that does not
  // fully succeed returns { valid: false }, including any exception thrown by
  // getJwtSecret() or jwtVerify().
  try {
    const signingKey = getJwtSecret()

    // jwtVerify is asked to enforce the expected issuer and audience, so a token
    // minted for another issuer/audience with the same key is rejected here.
    // NOTE(review): no `algorithms` allow-list and no expiry requirement
    // (`requiredClaims` / `maxTokenAge`) is passed. Presumably this is jose's
    // jwtVerify; confirm against the token-minting code whether the algorithm
    // should be pinned and `exp` made mandatory.
    const { payload: claims } = await jwtVerify(token, signingKey, {
      issuer: 'sim-internal',
      audience: 'sim-api',
    })

    // A correctly signed token that is not marked as internal is still rejected.
    if (claims.type !== 'internal') {
      return { valid: false }
    }

    // userId is optional and only surfaced when it is a string. Callers must
    // treat `valid: true` as "authenticated internal caller", not as proof that
    // a user identity is attached.
    const userId = typeof claims.userId === 'string' ? claims.userId : undefined
    return { valid: true, userId }
  } catch {
    // Verification failed. The reason is deliberately not returned to the caller.
    return { valid: false }
  }
}
| 73 | |
| 74 | /** |
| 75 | * Verify CRON authentication for scheduled API endpoints |
no test coverage detected